server/lib/private/avatar.php
Lukas Reschke 34d0e610cc Filter potential dangerous filenames for avatars
We don't want to have users misusing this API resulting in a potential file disclosure of "avatar.(jpg|png)" files.
2015-04-28 16:57:23 +02:00

130 lines
3.6 KiB
PHP

<?php
/**
* @author Arthur Schiwon <blizzz@owncloud.com>
* @author Christopher Schäpers <kondou@ts.unde.re>
* @author Joas Schilling <nickvergessen@owncloud.com>
* @author Morris Jobke <hey@morrisjobke.de>
* @author Robin Appelman <icewind@owncloud.com>
* @author Robin McCorkell <rmccorkell@karoshi.org.uk>
* @author Roeland Jago Douma <roeland@famdouma.nl>
* @author Thomas Müller <thomas.mueller@tmit.eu>
* @author Lukas Reschke <lukas@owncloud.com>
*
* @copyright Copyright (c) 2015, ownCloud, Inc.
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
namespace OC;
use OC\Files\Filesystem;
use OC_Image;
/**
* This class gets and sets users avatars.
*/
class Avatar implements \OCP\IAvatar {
/** @var Files\View */
private $view;
/**
* constructor
* @param string $user user to do avatar-management with
* @throws \Exception In case the username is potentially dangerous
*/
public function __construct ($user) {
if(!Filesystem::isValidPath($user)) {
throw new \Exception('Username may not contain slashes');
}
$this->view = new \OC\Files\View('/'.$user);
}
/**
* get the users avatar
* @param int $size size in px of the avatar, avatars are square, defaults to 64
* @return boolean|\OCP\IImage containing the avatar or false if there's no image
*/
public function get ($size = 64) {
if ($this->view->file_exists('avatar.jpg')) {
$ext = 'jpg';
} elseif ($this->view->file_exists('avatar.png')) {
$ext = 'png';
} else {
return false;
}
$avatar = new OC_Image();
$avatar->loadFromData($this->view->file_get_contents('avatar.'.$ext));
$avatar->resize($size);
return $avatar;
}
/**
* Check if an avatar exists for the user
*
* @return bool
*/
public function exists() {
return $this->view->file_exists('avatar.jpg') || $this->view->file_exists('avatar.png');
}
/**
* sets the users avatar
* @param \OCP\IImage|resource|string $data An image object, imagedata or path to set a new avatar
* @throws \Exception if the provided file is not a jpg or png image
* @throws \Exception if the provided image is not valid
* @throws \OC\NotSquareException if the image is not square
* @return void
*/
public function set ($data) {
if($data instanceOf \OCP\IImage) {
$img = $data;
$data = $img->data();
} else {
$img = new OC_Image($data);
}
$type = substr($img->mimeType(), -3);
if ($type === 'peg') {
$type = 'jpg';
}
if ($type !== 'jpg' && $type !== 'png') {
$l = \OC::$server->getL10N('lib');
throw new \Exception($l->t("Unknown filetype"));
}
if (!$img->valid()) {
$l = \OC::$server->getL10N('lib');
throw new \Exception($l->t("Invalid image"));
}
if (!($img->height() === $img->width())) {
throw new \OC\NotSquareException();
}
$this->view->unlink('avatar.jpg');
$this->view->unlink('avatar.png');
$this->view->file_put_contents('avatar.'.$type, $data);
}
/**
* remove the users avatar
* @return void
*/
public function remove () {
$this->view->unlink('avatar.jpg');
$this->view->unlink('avatar.png');
}
}